This is a blog of essays on public policy. It shuns ideology and applies facts, logic and math to economic, social and political problems. It has a subject-matter index, a list of recent posts, and permalinks at the ends of posts. Comments are moderated and may take time to appear. Note: Profile updated 4/7/12

24 June 2005

Nuclear-Plant Terrorism: A Solvable Problem

Last week's Time Magazine (June 20, 2005, page 34) featured a discussion of the risk of terrorism at nuclear power plants. Among the article’s principal conclusions was that nuclear plants may be insufficiently guarded and that some are poorly designed to thwart terrorist activity.

Time’s article might have two effects, one good and one bad. If it motivates Congress or the nuclear industry to take better precautions to prevent terrorism at nuclear plants, it will have served the public well. If it exacerbates the public’s already irrational fear of nuclear power, it will have done our nation a grave disservice. Among other things, it may falsely overestimate the relative merits of coal, the dirtiest fuel known to mankind.

What Time’s article did not say is that the problem of nuclear-plant terrorism can be solved. Time focused on the “political” problem of too few security guards to handle a terrorist attack of the same magnitude as occurred on September 11. But the risks of such an attack can be handled just as well by a variety of technological means. This essay discusses those means.

Terrorism at nuclear power plants presents only two risks: induced meltdown and misuse of nuclear material, most likely in an on-site “dirty bomb.” As both technical reports and the popular press have repeatedly emphasized, there is no—repeat no—risk of an atomic explosion at nuclear power plants, whether by accident or through terrorism. An atomic bomb requires special assembly, explosives, and precise triggering, and no nuclear power plant has anything like the necessary means to create one.

The risk of induced meltdown is by far the most serious real threat. A “meltdown” is a “runaway” or uncontrolled nuclear reaction, of the very same kind used to generate the heat that makes electricity. Understanding what might cause a meltdown requires understanding how nuclear fission works.

Stripped to its essence, nuclear fission is quite simple. Radioactive material used as fuel in nuclear power plants undergoes spontaneous fission, known as “radioactive decay.” At any moment a small fraction of the atoms in it split on their own, at random, without prompting. (This random splitting produces the characteristic sound of random clicks in a Geiger counter or other radiation detector.)

When an atoms splits, its produces three things: atoms of lighter elements, energy, and a neutron. The lighter elements constitute “spent” fuel. The energy eventually appears as heat, which is used to fire a turbine to make electricity. The neutron, however, is the key to the whole power-production process, for it can induce fission of other atoms before they would split on their own.

When a neutron from one splitting atom hits another atom of fuel, it can make that second atom split, too. When the second atom splits, it also produces a neutron, which can induce further splitting of a third atom, and so on. If the block of fuel is sufficiently large, this induced fusion is self sustaining, in a so-called “chain reaction.” The heat from the chain reaction produces the “fire” in a nuclear power plant, which is used to produce electricity in much the same way as heat from a coal, gas or oil fire.

The existence of a nuclear chain reaction, however, depends upon the size and weight of the fuel sample. A small amount of fuel just sits there, slowly decaying atom by atom, with no chain reaction. Only when the size and weight of the sample approach a “critical mass” will the chain reaction become self sustaining.

If the minimum critical mass of fuel is cut in half, the reaction will still continue as long as the two halves are close together. As the two halves get farther and farther apart, however, the chain reaction will weaken or die. The reason is that each half requires the neutrons emanating from the other half to sustain the chain reaction. (Since the neutrons from each half radiate in random directions, more and more neutrons from each half “miss” the other half as the two are moved apart.)

These simple facts of nuclear fusion are the basis for designing controllable nuclear power plants. The design creates or withdraws a critical mass of fuel by moving parts of the fuel (in solid form) together or apart. In some plants, operators insert rods of nuclear fuel into holes in other nuclear fuel to start the chain reaction. When they want to cool the reaction down or shut it off, they withdraw the rods to destroy the critical mass. (In other types of plants, rods of “damper” material, which absorbs neutrons with no reaction, are inserted into the fuel to slow or stop the chain reaction or withdrawn to speed it up.)

Once a chain reaction is self-sustaining, it goes on until most of the fuel’s atoms are split, i.e., until the fuel is exhausted. In the process it releases a lot of heat. When a power plant operates normally, coolant carries the heat off to a turbine or other heat engine, where it produces electricity. But suppose the flow of coolant is interrupted. What then?

If chain-reacting nuclear fuel is not cooled, it will continue to release heat and get hotter and hotter. Eventually, it will melt. (After all, the fuel is just an exotic, radioactive metal.) If the fuel continues melting and stays in the form of a critical mass as it melts, it will get so hot that it eventually will begin to vaporize itself or the material and structures around it. If nothing stops this process, the heat and vaporization will build up sufficient pressure to breach the massive containment vessel and release radioactive material into the atmosphere. Such an event is called a “meltdown;” it’s what happened at Chernobyl.

The italicized clause above, however, contains the secret for building meltdown-proof nuclear power plants. In order for a containment breach to occur, the nuclear fuel must stay concentrated in a critical mass as and after it melts. If it can be broken into small, sub-critical components as it melts, the chain reaction will stop, and the molten fuel will cool long before creating sufficient vaporization pressure to breach the containment vessel.

This is exactly what the new power plant designs do. Underneath the fuel assembly, they have channels to direct molten fuel into small, separate compartments of subcritical size. If the fuel should ever melt—whether due to an accident or to terrorist activity—the molten fuel flows into these separate compartments and becomes subcritical, thereby shutting down the chain reaction. The fuel cools harmlessly in its new, separated compartments (which have a much higher melting point than the fuel, and so stay solid), and no meltdown or containment breach occurs.

The beauty of this design is that it requires no electrical power or human intervention to stop a meltdown. All it requires is gravity, which even the most clever terrorists cannot turn off.

All new nuclear power plants can and should be built with this new meltdown- proof design. If they are, the gravest threat of both nuclear accidents and nuclear-plant terrorism—a meltdown—will simply disappear. There will be no way to induce a meltdown that leads to a containment breach short of rebuilding the plant.

That leaves the problem of currently operating plants, which do not use this clever meltdown-proof design. In Time’s estimation, some of these plants are not only susceptible to meltdown but have controls configured so that knowledgeable people (such as terrorists) can use the plant’s own controls to induce a meltdown. What can be done about them?

The first and most important point to be made is that most of these plants are nearing the end of their useful lives and must be decommissioned and rebuilt soon. The last nuclear plant built in the United States was built in the seventies, and the legal lifetime of such plants is typically 30 years, and no more than 40. When existing plants are decommissioned and rebuilt, they can and should be built according to the new, meltdown-proof design.

In the interim, there are a number of common-sense steps that can be taken to reduce the risk of a terrorist-induced meltdown at currently-existing plants nearing the end of their commercial life. Some of these steps could be taken at any regularly-scheduled maintenance shutdown. Here are only a few:

1. Anti-meltdown hardware “interlocks.” It would be a relatively simple matter to install anti-meltdown devices in existing power plants. When the reactor core temperature or pressure gets too high, for whatever reasons, these devices would simply remove the fuel rods (or insert the damper rods) and shut the reactor down.

These devices could be designed to be “foolproof” both by making it impossible to stop their operation manually and by giving them hidden, hardened back power that would remain in operation even, for example, if terrorists cut power from the plant itself or outside sources. They also could be made doubly or triply redundant to reduce the risk that terrorists could find and defeat them all. To insure that terrorists couldn’t simply restart the plant, these devices could prevent restarting unless (for example) de-activated by a secret code known only to regional or Washington based security headquarters, and not known to anyone at the particular plant.

The very idea that plant operators can voluntarily induce a meltdown derives from an earlier, more innocent era. Remember, it was only beginning in the seventies, with the advent of terrorist hijackings, that airplane passengers could no longer walk directly from the ticket counter to their seats, but had to go through security. By that time, most existing nuclear power plants were already designed and built. Today’s realities demand fail-safe systems. Fortunately, those systems should not be hard to design, build and install, as nuclear power plants already have numerous means to measure reactor core temperature and pressure.

2. Anti-terrorist technology. In addition to such hardware interlocks, modern digital computer technology provides a number of means to insure that terrorists would not be able to induce a meltdown even if they penetrated a nuclear power plant’s control room. Here are just a few ideas:

a. A “Panic Button” could initiate a computer-controlled shutdown (managed by hidden, hardened computers with separate power backup) at the instance of plant operating personnel. The “button” could be voice activated (keyed to plant operators’ digital voice signatures) to allow for operation even while under attack.

b. A “dead man” switch keyed to operating personnel’s voices could require periodic activation, without which the plant would automatically shut down under computer control.

c. A sleep-inducing gas could be released into the control room under the control of security personnel, if the control room were captured or penetrated. (A less dangerous gas than the one used by the Russians to clear the Nord-Ost Theater of terrorists in Moscow could be used. Even if that same gas were used, it would likely cause fewer casualties, for the power plant’s staff would not have been starved and dehydrated for several days like the hostages in Moscow.)

The bottom line is that the risk of terrorist-induced meltdown can be virtually eliminated by technical means, even assuming that terrorist attackers could penetrate and occupy a nuclear plant’s control room. Plants built to the new design simply will not have a meltdown risk. Existing plants can—and should—be retrofitted with failsafe technology (if they haven’t already been) at the earliest opportunity, preferably the next regularly scheduled maintenance shutdown.

This leaves only one other credible risk of terrorist activity related to nuclear power plants: abuse of reactor fuel. There are typically two types of fuel at nuclear power plants: (1) operating fuel and (2) spent fuel (nuclear waste). Operating fuel sits inside the containment vessel, which is typically made of feet of reinforced concrete and inches of stainless steel. These vessels require cranes and other heavy equipment to disassemble. As Time’s article pointed out, they are hard to get into because they are designed to be hard to breach. Moreover, reactor fuel is extremely heavy and in metallic form. It would require disassembly (or cutting apart) and careful placement around high explosives even to make a dirty bomb. The notion that security forces would be unable to retake the plant or kill the terrorists (for example, using poison gas or napalm) during the several hours it would take terrorists to do all this is simply incredible.

A slightly more realistic risk is theft or use of the spent fuel stored outside the plant’s containment vessel. Yet here again, the obstacles to successful terrorist activity are overwhelming. Like the operating fuel, the spent fuel is extremely heavy and in metallic form. Terrorists would have to raise it out of the storage pools, with the aid of heavy equipment or at least crude pulleys, cut it apart, place it meticulously around shaped charges, and detonate it.

Doing so would not produce an atomic explosion. Rather, the terrorists’ goal would be to disburse the dangerously radioactive material as widely as possible by means of a massive conventional explosion. That task, however, would be similar to vaporizing and disbursing bars of lead or chunks of the weights used to “pump iron.” It’s unclear to this writer whether such a plan is possible even in theory, or whether the terrorists would have to grind the nuclear fuel to a powder first—a task that would require special equipment and take additional time.

The bottom line with respect to fuel is that building a dirty bomb on site is simply not feasible in the time that terrorists would have before security backup forces arrived. While extracting the nuclear fuel and assembling such a bomb, they would be vulnerable to destruction by all sorts of weapons designed for use in confined space, including poison gas, napalm, and concussion grenades. The technical and military obstacles are so overwhelming that no thinking terrorist likely would even attempt such a move.

A final potential risk, in theory, is terrorists stealing the nuclear material. Yet, here again, the same insuperable obstacles arise. Nuclear material, whether operating or waste, is extremely heavy and comes in metallic form in large pieces. Terrorists would have to raise it out of the reactor pit or cooling pools, cut pieces off, transport them to a waiting vehicle, and make a getaway—all before backup security forces arrived. Then they would have to disappear from the roads quickly, as the radioactivity of their “loot” would provide a unique signature visible from the air with proper equipment. Unless security is totally asleep at the switch, the chances of all this happening are next to nil.

Three conclusions derive from this analysis. First, new plants with the new meltdown-proof design will have virtually no risk of nuclear-plant terrorism. Second, the risk for existing nuclear plants can be reduced to the vanishing point, if not eliminated, by technical measures, quite apart from the effectiveness of first-line security forces. Third and finally, if proper precautions are taken, the public need have no more fear of terrorism at nuclear power plants than at power plants of other design.

What are the necessary precautions? There are four. First, the new meltdown-proof design must be used (and should be mandated by law) for all new nuclear power plants and existing power plants when decommissioned and reconstructed. Second, retrofitting of automatic, hidden and hardened meltdown-prevention technology should begin immediately (if it hasn’t already), at each regularly scheduled maintenance shutdown of each existing plant. Third, security forces should consider carefully the defense advantages offered by the confined spaces of nuclear power plants and should provide themselves with appropriate weaponry, including poison gas, napalm, and concussion grenades. Finally, as Time’s article hinted, the National Guard or other military forces should be commissioned to provide backup security, on standby alert, for every nuclear power plant without a meltdown-proof design.

All these precautions are feasible and desirable. With them, nuclear power will present no greater danger (of terrorism or otherwise) than power derived from gas, oil, or coal. Indeed, future nuclear power plants, with the new meltdown-proof design, will pose virtually no special risk of vulnerability to terrorism. With these precautions, the public will be freed at last from irrational fears of this modern, clean energy source. It will therefore (one hopes) think twice before condemning itself to a life of smoggy skies, acid rain, asthma, and lakes, rivers and fish polluted by coal-produced mercury.

0 Comments:

Links to this post:

About Me

This blog reflects a quarter century of study and forty years of careers in science/engineering (7 years), law practice (8 years) and law teaching (25 years). A short bio and legal publication list appear here. My pre-retirement 2010 CV appears here.
As I get older, I find myself thinking more like an engineer and less like a lawyer or law professor. Our “advocacy” professions—law, politics, public relations and advertising—train people to take a predetermined position and support it against all opposition. That’s not the best way to make things work—which is what engineers do.
What gets me up in the morning is figuring out how things work and how to make them work better, whether they be vehicles, energy systems, governments or nations.
This post explains my respect for math and why you’ll find lots of tables and a few graphs and equations on this blog. If you like that way of thinking, this blog is for you.